CVE-2022-4148 - Missing Authorization vulnerability in Dash10 Oauth Server

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
network
low complexity
dash10
CWE-862

Summary

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3.0 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated user, such as a subscriber, to delete an arbitrary client.

Vulnerable Configurations

Part         Description  Count
Application  Dash10       91

Common Weakness Enumeration (CWE)